Verifying IPv6 ACLs – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 21 Configuring IP Version 6

IPv6 Extended ACLs

DETAILED STEPS

Step 1
    Command or Action: enable
    Example: Router> enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
    Command or Action: configure terminal
    Example: Router# configure terminal
    Purpose: Enters global configuration mode.

Step 3
    Command or Action: interface type number
    Example: Router(config)# interface ethernet 0
    Purpose: Specifies the interface type and number, and enters interface configuration mode.

Step 4
    Command or Action: ipv6 traffic-filter access-list-name {in | out}
    Example: Router(config-if)# ipv6 traffic-filter outbound out
    Purpose: Applies the specified IPv6 access list to the interface specified in the previous step. The in keyword filters incoming IPv6 traffic on the specified interface. The out keyword filters outgoing IPv6 traffic on the specified interface.

Verifying IPv6 ACLs

In the following example, the show ipv6 access-list command is used to verify that IPv6 ACLs are configured correctly:

    Router> show ipv6 access-list
    IPv6 access list inbound
        permit tcp any any eq bgp reflect tcptraffic (8 matches) sequence 10
        permit tcp any any eq telnet reflect tcptraffic (15 matches) sequence 20
        permit udp any any reflect udptraffic sequence 30
    IPv6 access list tcptraffic (reflexive) (per-user)
        permit tcp host 2001:0DB8:1::32 eq bgp host 2001:0DB8:2::32 eq 11000 timeout 300 (time left 243) sequence 1
        permit tcp host 2001:0DB8:1::32 eq telnet host 2001:0DB8:2::32 eq 11001 timeout 300 (time left 296) sequence 2
    IPv6 access list outbound
        evaluate udptraffic
        evaluate tcptraffic

Note: For a description of each output display field, see the show ipv6 access-list command in the IPv6 for Cisco IOS Command Reference document.
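
An added example, not part of the Cisco guide: a Python check that parses the show ipv6 access-list output shown on this page and confirms that every reflect name has a matching evaluate, counts the temporary entries in each reflexive list, and lists reflect rules that have recorded no hits. The sample text is the page's output with wrapped lines rejoined; the function names and the treatment of a missing match counter as zero matches are assumptions.

```python
import re
# Constructed sample: the page's `show ipv6 access-list` output, wrapped lines rejoined.
SAMPLE = """\
IPv6 access list inbound
    permit tcp any any eq bgp reflect tcptraffic (8 matches) sequence 10
    permit tcp any any eq telnet reflect tcptraffic (15 matches) sequence 20
    permit udp any any reflect udptraffic sequence 30
IPv6 access list tcptraffic (reflexive) (per-user)
    permit tcp host 2001:0DB8:1::32 eq bgp host 2001:0DB8:2::32 eq 11000 timeout 300 (time left 243) sequence 1
    permit tcp host 2001:0DB8:1::32 eq telnet host 2001:0DB8:2::32 eq 11001 timeout 300 (time left 296) sequence 2
IPv6 access list outbound
    evaluate udptraffic
    evaluate tcptraffic
"""

HEADER = re.compile(r"^IPv6 access list (\S+)(.*)$")

def parse_acls(text):
    """Return {acl_name: {"reflexive": bool, "entries": [dict, ...]}}."""
    acls, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            current = acls[m.group(1)] = {"reflexive": "(reflexive)" in m.group(2), "entries": []}
        elif current is not None:
            hits = re.search(r"\((\d+) match(?:es)?\)", line)
            ref = re.search(r"\breflect (\S+)", line)
            ev = re.match(r"evaluate (\S+)", line)
            current["entries"].append({
                "text": line,
                # Assumption: an entry shown without a counter has zero matches.
                "matches": int(hits.group(1)) if hits else 0,
                "reflect": ref.group(1) if ref else None,
                "evaluate": ev.group(1) if ev else None,
            })
    return acls

def audit(acls):
    """Cross-check reflect/evaluate pairing and report reflexive-list state."""
    entries = [e for a in acls.values() for e in a["entries"]]
    reflected = {e["reflect"] for e in entries if e["reflect"]}
    evaluated = {e["evaluate"] for e in entries if e["evaluate"]}
    return {
        "reflect_without_evaluate": sorted(reflected - evaluated),
        "evaluate_without_reflect": sorted(evaluated - reflected),
        "reflexive_entries": {n: len(a["entries"]) for n, a in acls.items() if a["reflexive"]},
        "zero_hit_reflect_rules": [e["text"] for e in entries if e["reflect"] and not e["matches"]],
    }

if __name__ == "__main__": print(audit(parse_acls(SAMPLE)))
```

A name in reflect_without_evaluate means sessions are being recorded but no access list ever evaluates them, so return traffic for those sessions is not matched by the reflexive entries.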
